Upcoming Virtual Event: Cloud Security Summit | July 17 - Register Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Splunk Patches High-Severity Vulnerabilities in Enterprise Product

Splunk has patched multiple vulnerabilities in Splunk Enterprise, including high-severity remote code execution bugs.

Splunk on Monday announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs.

Three of the high-severity issues are remote code execution flaws that require authentication for successful exploitation.

The first of them, tracked as CVE-2024-36985, could be exploited by a low-privileged user through a lookup that likely references the ‘splunk_archiver’ application. The issue affects Splunk Enterprise versions 9.2.x, 9.1.x, and 9.0.x.

Splunk Enterprise versions 9.2.2, 9.1.5, and 9.0.10 address the vulnerability. The bug can also be mitigated by disabling the ‘splunk_archiver’ application.

Impacting Splunk Enterprise for Windows and tracked as CVE-2024-36984, the second RCE bug allows an authenticated attacker to execute a crafted query to serialize untrusted data and execute arbitrary code.

“The exploit requires the use of the collect SPL command which writes a file within the Splunk Enterprise installation. The attacker could then use this file to submit a serialized payload that could result in execution of code within the payload,” Splunk notes.

The third RCE affects the dashboard PDF generation component in the Enterprise and Cloud Platform products, which uses a vulnerable version of the ReportLab Toolkit (v3.6.1) Python library.

Splunk also patched a high-severity command injection flaw in the Enterprise and Cloud Platform products that could allow an authenticated user to create an external lookup calling to a legacy internal function and insert code in the Splunk platform’s installation directory.

Advertisement. Scroll to continue reading.

“The vulnerability revolves around the currently-deprecated ‘runshellscript’ command that scripted alert actions use. This command, along with external command lookups, lets an authenticated user use this vulnerability to inject and execute commands within a privileged context from the Splunk platform instance,” Splunk explains.

The remaining high-severity bugs include a path traversal in Splunk Enterprise on Windows and a denial-of-service in the Enterprise and Cloud Platform products.

The remaining fixes that Splunk released on Monday address medium-severity flaws impacting the Enterprise and Cloud Platform products.

Splunk makes no mention of any of these vulnerabilities being exploited in the wild. Additional information can be found on Splunk’s security advisories page.

On Monday, the company also announced patches for nearly two dozen issues in third-party packages in Splunk Enterprise and notified users of Splunk Enterprise on Linux and Universal Forwarder on Solaris that, in certain versions and architectures, the cryptographic library for OpenSSL was incorrectly compiled.

Related: Splunk Patches Vulnerabilities in Enterprise Product

Related: High-Severity Vulnerability Patched in Splunk Enterprise

Related: Canon Patches 7 Critical Vulnerabilities in Small Office Printers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Craig Boundy has left Experian to join McAfee as President and CEO.

Forcepoint has promoted Ryan Windham from Chief Customer and Strategy Officer to Chief Executive Officer.

ICS and OT cybersecurity solutions provider TXOne Networks appointed Stephen Driggers as its new CRO.

More People On The Move

Expert Insights